CVE-2019-6469

EPSS 1.06%
Published 09.10.2019 16:15:17
Last modified 21.11.2024 04:46:30
Source security-officer@isc.org
Teams watchlist Login
Open Login

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version9.10.5 Updates1 SwEditionsupported_preview

Isc ≫ Bind Version9.11.6 Updates1 SwEditionsupported_preview

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.06%	0.756

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
security-officer@isc.org	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://kb.isc.org/docs/cve-2019-6469

Third Party Advisory

https://support.f5.com/csp/article/K39751401?utm_source=f5support&amp%3Butm_medium=RSS

https://nvd.nist.gov/vuln/detail/CVE-2019-6469

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6469

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6469

EUVD